[cryptography] Client certificates, Tor-exit nodes and renegotiation

Guido Witmond guido at witmond.nl
Fri Mar 14 18:09:53 EDT 2014


On 03/14/14 17:48, Tom Ritter wrote:

> Yes - sending client certificates over Tor will de-anonymize in the
> same way that sending your real name or username over HTTP over Tor
> will de-anonymize you.  Personally I consider this a flaw of TLS, not
> Tor, which does not protect the client certificate from either a
> passive or active adversary.  There were some proposals to move client
> certificates further into the handshake, and protect them against a
> passive and/or active adversary (depending on proposal) - but they did
> not have much traction and then Snowden happened and everyone is
> focused on TLS 1.3.

Thanks for confirming.

Ironically, a lousy password over TLS and Tor is safer than strong client
certificates and Tor...

It seems that 1.3 addresses this problem entirely.
  https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf


> A nit: when you say every "system on-route to the server", I assume
> you mean between the exit node and the HTTPS endpoint, in which case
> yes. If you mean every Tor intermediate node, then no.

Sorry, yes, I meant, from the exit node towards the server.

> Using TLS-renegotiation to send the client certificate inside an
> already-server-authenticated channel seems like it would work to me -
> I have not tried doing it with any library.

I'll give it a try.

Regards, Guido.
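To make the exposure discussed above concrete, here is an added example (not code from the thread or from either participant) that models what a passive observer sitting between a Tor exit node and the HTTPS endpoint can read out of the client-to-server byte stream. It is a minimal TLS record and handshake-message walker: it treats a ChangeCipherSpec record as the point after which that direction is encrypted (TLS 1.2 semantics), and anything in application_data records as opaque (which is where TLS 1.3 puts the whole post-ServerHello handshake). The three sample flights are constructed placeholders with fake message bodies, not real handshakes; they illustrate the three cases the thread raises: a plain TLS 1.2 handshake with client auth, a TLS 1.2 connection that defers the client certificate to a renegotiation inside the already-established channel, and a TLS 1.3 handshake.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446)
CHANGE_CIPHER_SPEC = 20
HANDSHAKE = 22
APPLICATION_DATA = 23

# Handshake message types
HS_CLIENT_HELLO = 1
HS_SERVER_HELLO = 2
HS_CERTIFICATE = 11
HS_CERTIFICATE_REQUEST = 13
HS_CERTIFICATE_VERIFY = 15
HS_CLIENT_KEY_EXCHANGE = 16


def tls_record(content_type, payload, version=b"\x03\x03"):
    """Build one TLS record: type(1) version(2) length(2) payload."""
    return bytes([content_type]) + version + struct.pack("!H", len(payload)) + payload


def handshake_msg(hs_type, body):
    """Build one handshake message: type(1) length(3) body."""
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body


def iter_records(stream):
    """Split one direction of a TLS byte stream into (content_type, payload) records."""
    off = 0
    while off + 5 <= len(stream):
        ctype = stream[off]
        (length,) = struct.unpack("!H", stream[off + 3:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        yield ctype, payload
        off += 5 + length


def visible_handshake_types(stream):
    """Handshake message types a passive observer can read in cleartext.

    Assumption (TLS 1.2 semantics): after a ChangeCipherSpec record, every later
    record in that direction is encrypted, including handshake records of a
    renegotiation.  application_data records are always treated as opaque, which
    is where TLS 1.3 carries its encrypted handshake flights.
    """
    types = []
    buf = b""          # handshake messages may span record boundaries
    encrypted = False
    for ctype, payload in iter_records(stream):
        if encrypted:
            continue
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True
            continue
        if ctype != HANDSHAKE:
            continue
        buf += payload
        while len(buf) >= 4:
            hs_len = int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + hs_len:
                break      # wait for the rest of this message in the next record
            types.append(buf[0])
            buf = buf[4 + hs_len:]
    return types


def client_cert_in_clear(client_stream):
    """True if the client's Certificate message is readable on the wire."""
    return HS_CERTIFICATE in visible_handshake_types(client_stream)


# Constructed client->server flights; bodies are placeholders, not real TLS data.
def tls12_client_auth_flight():
    return b"".join([
        tls_record(HANDSHAKE, handshake_msg(HS_CLIENT_HELLO, b"<hello>")),
        tls_record(HANDSHAKE, handshake_msg(HS_CERTIFICATE, b"<client cert chain>")),
        tls_record(HANDSHAKE, handshake_msg(HS_CLIENT_KEY_EXCHANGE, b"<cke>")),
        tls_record(HANDSHAKE, handshake_msg(HS_CERTIFICATE_VERIFY, b"<sig>")),
        tls_record(CHANGE_CIPHER_SPEC, b"\x01"),
        tls_record(HANDSHAKE, b"<encrypted Finished>"),
    ])


def tls12_renegotiation_flight():
    # Anonymous first handshake, then a renegotiation carrying the certificate.
    # The renegotiation records are still content type 22, but are encrypted
    # under the connection state already in place.
    return b"".join([
        tls_record(HANDSHAKE, handshake_msg(HS_CLIENT_HELLO, b"<hello>")),
        tls_record(HANDSHAKE, handshake_msg(HS_CLIENT_KEY_EXCHANGE, b"<cke>")),
        tls_record(CHANGE_CIPHER_SPEC, b"\x01"),
        tls_record(HANDSHAKE, b"<encrypted Finished>"),
        tls_record(HANDSHAKE, b"<encrypted ClientHello, Certificate, CertificateVerify, ...>"),
    ])


def tls13_client_auth_flight():
    return b"".join([
        tls_record(HANDSHAKE, handshake_msg(HS_CLIENT_HELLO, b"<hello>")),
        tls_record(CHANGE_CIPHER_SPEC, b"\x01"),   # middlebox-compatibility dummy
        tls_record(APPLICATION_DATA, b"<encrypted Certificate, CertificateVerify, Finished>"),
    ])


if __name__ == "__main__":
    for name, flight in [("TLS 1.2 client auth", tls12_client_auth_flight()),
                         ("TLS 1.2 renegotiation", tls12_renegotiation_flight()),
                         ("TLS 1.3 client auth", tls13_client_auth_flight())]:
        print(f"{name}: visible={visible_handshake_types(flight)} "
              f"cert_in_clear={client_cert_in_clear(flight)}")
```

Running it shows the first flight exposing message type 11 (Certificate) in the clear, while the renegotiation and TLS 1.3 flights expose only the ClientHello (and, for 1.2, the ClientKeyExchange). Note that the renegotiation trick only hides the certificate from a passive observer; since the first handshake authenticated the server, whether an active adversary between the exit node and the server can still see it depends on the client having verified that server certificate before renegotiating.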
